1. Technical Field
The present invention relates to a composite chip card with a security protection interface and a method for controlling the same. More particularly, the present invention relates to a composite chip card integrated with an induction coil, a chip module, and a security protection interface, and to a method for controlling the composite chip card.
2. Description of Related Art
As global economy grows with heated competition among its participants, plastic money has been a widely used and almost indispensable tool for purchases, payment, and various commercial transactions in all developed countries and regions. In fact, the plastic money is now as important as the traditional currency.
In recent years, plastic money has benefited from the continuous progress and miniaturization of integrated circuits (ICs). Lately, plastic money is integrated with miniaturized ICs to form chip cards which have more functions and wider applicability than without the ICs. The types of chip cards have evolved with consumers' needs from contact cards (e.g., credit cards, ATM cards, and health insurance cards) to contactless cards (e.g., EasyCards and access control cards). Nowadays, there have also been composite chip cards, which have both contact and contactless interfaces, such as the Visa Wave card issued by VISA (Visa International Service Association), intelligent ID cards, and electronic purses.
The contactless cards work on the principle of Radio Frequency Identification (RFID), as illustrated in FIG. 1. An RFID system essentially includes at least one tag A10, a reader A20, and a host A30. The tag A10 is configured for storing all kinds of information about a user. The reader A20 is a tool for reading information from or storing information into the tag A10. The reader A20 transmits the read the information to the host A30, which decodes the information with various application programs and thereby assists the user in making the right decision promptly. The tag A10 further includes a radio-frequency module A11, a microprocessor A12, and an Electrically Erasable Programmable Read-Only Memory (EEPROM) A13. Upon sensing radio waves emitted by the reader A20, the tag A10 generates an “alternating magnetic field”. Consequently, the radio-frequency module A11 and the microprocessor A12 of the tag A10 are activated to transmit information in the EEPROM A13 to the reader A20. The reader A20 then transmits data to the host A30 through wires or a network.
The tag A10 can be either active or passive. An active tag A10 includes a battery and can transmit information to the reader A20 at any time. Besides, the active tag A10 has a relatively long communication distance and a relatively large memory, though at a relatively high price. On the other hand, a passive tag A10 is powered by an induced micro-current generated in the tag A10 due to electric waves emitted by the reader A20. The passive tag A10 uses the same electric waves to transmit information back to the reader A20 and therefore has a relatively short communication distance. The passive tag A10 has such advantages as no need for battery, small volume, low price, long service life, and digital information portability. The passive tag A10 has a built-in antenna for sensing and generating radio-frequency waves and thereby receiving and transmitting data.
The reader A20 includes a radio-frequency module A21 and a microprocessor A22. The host A30 and the various application programs serve to control the reader A20 in data receipt, transmission, identification, and management.
Presently, the ISO standards applicable to the RFID industry include ISO 14443 for proximity coupling smart cards and ISO 15693 for vicinity coupling smart cards. ISO 14443 defines an operation standard for smart cards which are read in a contactless manner within a distance of 10 cm, and most mass transportation passes fall into this category of smart cards. ISO 15693, on the other hand, is an operation standard for smart cards with a reading distance up to 1 m and is applicable to access control cards in general. While both standards are applicable mainly to smart cards, a comparison of their features is presented in Table 1.
TABLE 1Comparison between ISO 14443 and ISO 15693FunctionISO 14443ISO 15693Operating frequency13.56 MHz13.56 MHzReading distanceProximityVicinityChip typeMicrocontroller unitWired logic memory(MCU) or wired logicmemory (an electroniccircuit without MCU)Memory capacity64 byte~64K256 byte~2 KBReadability andReadable andReadable andwritabilitywritablewritableData transfer rateUp to 106, can beUp to 106(kbps)increased to 848Anti-impactYesYes
In addition, the ISO 18000 series for item management is the first set of international standards for wireless communication technology used in logistic systems. In view of the importance of supply chain management, ISO (International Organization for Standardization) organized an ISO/IEC team for preparing the 18000 series standards as RFID air interface guidelines for item management. Currently, the ISO 18000 series includes six parts, as shown in Table 2. The most important part of the series is ISO 18000-6, whose target frequency range, namely 860˜930 MHz, is the optimal choice for logistic management. Therefore, ISO 18000-6 has been a major international standard for supply chain RFID application techniques.
TABLE 2ISO 18000 series standardsPartContentField of application18000-1General parameters for airinterface communication(AIC) at globallyacceptable frequencies18000-2Parameters for AIC belowShort-range paper-based tags,135 MHzsuch as access control cards18000-3Parameters for AIC atWired logic memory13.56 MHz18000-4Parameters for AIC atLong-range applications,2.456 GHzsuch as real-time locatingsystems18000-5Parameters for AIC at18000-5 has been withdrawn.5.8 GHz18000-6Parameters for AIC atMost suitable for logistic860~930 MHzand asset management18000-7Parameters for AIC atSimilar to 18000-6, though433.92 MHzwith a lower reading speedand more susceptible tointerference by othercommunication equipments
Further, a brief description of the transaction specifications of Visa Wave is presented below. In order to expedite transaction in channels which only involve small transaction amounts, a Visa Wave cardholder is not required to sign if the transaction amount is not greater than NT$ 3000. Moreover, the issuer bank of a Visa Wave card is entitled to decide whether an ordinary “on-line transaction” processing procedure or a faster “off-line transaction” processing procedure applies to a particular transaction, based on risk control considerations. Off-line transaction is as safe as on-line transaction because each Visa Wave card has an “accumulated risk allowance”. When the accumulated transaction amount exceeds a certain limit, the “on-line transaction” processing procedure will automatically apply, and in consequence the transaction will be verified with the issuer bank through a terminal to ensure payment security.
Today, on-line transaction is the major transaction mode. According to the on-line transaction processing procedure, each transaction must be communicated to the issuer bank via a terminal and cannot be closed unless the terminal receives confirmation and authorization from the bank; therefore, the time required for each transaction is about 30 seconds. By contrast, off-line transaction is a transaction mode designed for merchants conducting small transactions and requiring payments to be processed rapidly. When a cardholder performs an off-line transaction, the transaction can be completed without being communicated to the issuer bank for authorization; hence, it only takes approximately two to five seconds to close the transaction.
Existing composite chip cards are provided with various advanced encryption mechanisms built in the chips and use dynamic data authentication (DDA) to increase the security of transaction and data transfer, thereby effectively preventing card data from being stolen and remotely copied during transaction. However, as consumers usually carry the cards with them for convenience of use, and the composite chip cards can be sensed by means of wireless signals, there have been instances where crooks used wireless transmitters and sensors to capture card data, and such illegal activities are very difficult to detect and control. Therefore, it is a serious and pressing issue to protect composite chip cards from data theft and subsequent fraudulent use.
As a solution to the foregoing issue, the present invention provides a simple yet effective device and method incorporating a security protection interface so as to prevent consumer data from theft, and chip cards from unauthorized use, thereby enhancing the security of composite chip cards while they are carried around and used.